umdns: convert seccomp filter rules to OCI format
authorDaniel Golle <daniel@makrotopia.org>
Tue, 17 Nov 2020 13:11:16 +0000 (13:11 +0000)
committerDaniel Golle <daniel@makrotopia.org>
Tue, 17 Nov 2020 13:12:37 +0000 (13:12 +0000)
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
package/network/services/umdns/Makefile
package/network/services/umdns/files/umdns.json

index f02177dca24682427b4dcc6aa85616535f2f2bfa..d8cd9ae7494fbd8fd13d0485e03e9af2925702a3 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=umdns
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
index c22ba6f5fb6a6289080f6d7eaf42ec493a1b3ab2..db62f5f36de5ee56cb26de7769072651ecb1e7ce 100644 (file)
@@ -1,32 +1,43 @@
 {
-       "whitelist": [
-               "read",
-               "write",
-               "open",
-               "close",
-               "time",
-               "brk",
-               "ioctl",
-               "uname",
-               "bind",
-               "connect",
-               "getsockname",
-               "recvmsg",
-               "sendmsg",
-               "sendto",
-               "setsockopt",
-               "socket",
-               "poll",
-               "fcntl64",
-               "epoll_create",
-               "epoll_ctl",
-               "epoll_wait",
-               "rt_sigaction",
-               "sigreturn",
-               "rt_sigreturn",
-               "exit_group",
-               "exit",
-               "clock_gettime"
-       ],
-       "policy": 1
+       "defaultAction": "SCMP_ACT_KILL_PROCESS",
+       "syscalls": [
+               {
+                       "names": [
+                               "read",
+                               "write",
+                               "open",
+                               "close",
+                               "time",
+                               "brk",
+                               "ioctl",
+                               "uname",
+                               "bind",
+                               "connect",
+                               "getsockname",
+                               "recvmsg",
+                               "recvfrom",
+                               "sendmsg",
+                               "sendto",
+                               "setsockopt",
+                               "socket",
+                               "pipe",
+                               "poll",
+                               "fcntl64",
+                               "epoll_create",
+                               "epoll_create1",
+                               "epoll_ctl",
+                               "epoll_wait",
+                               "epoll_pwait",
+                               "rt_sigaction",
+                               "sigreturn",
+                               "rt_sigreturn",
+                               "rt_sigprocmask",
+                               "exit_group",
+                               "exit",
+                               "fcntl",
+                               "clock_gettime"
+                       ],
+                       "action": "SCMP_ACT_ALLOW"
+               }
+       ]
 }
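Review bot: The new `names` list is not a one-to-one conversion of the old `whitelist`: it also adds `recvfrom`, `pipe`, `epoll_create1`, `epoll_pwait`, `rt_sigprocmask` and `fcntl`, while the commit message only describes a format change. Each added syscall widens what the confined umdns process may do, so the description should record the reason, e.g. `Also allow recvfrom, pipe, epoll_create1, epoll_pwait, rt_sigprocmask and fcntl, which are needed for <reason>`. The default also changes from `"policy": 1` to `"defaultAction": "SCMP_ACT_KILL_PROCESS"`, and whether that matches the old policy value cannot be confirmed from this page. With a kill default, any syscall the daemon needs that is missing from the list terminates the process instead of failing one call. The list has `open` but not `openat`, and `poll` but not `ppoll`, which may matter depending on libc and architecture, so the ruleset is worth exercising on each supported target.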